nanog mailing list archives

Re: Guardian for ARIN

From: "Scott Granados" <scott () wworks net>
Date: Thu, 1 May 2003 23:00:56 -0700


Here here, and if there was a means to see this easily via whois that would
be perfect.  Just one small step to add to the announcement verification
process.  Perhaps something to do with the autoresponder where if the
contact doesn't respond say yearly or over some time period the contact gets
flagged as in question.  Also perhaps the fact that the space is announced
or not and if withdrawn some timer could be set to flag after months or some
appropriate time.  It seems that something additionally could be done.



----- Original Message ----- 
From: "Mike Leber" <mleber () he net>
To: "Sean Donelan" <sean () donelan com>
Cc: <nanog () merit edu>
Sent: Thursday, May 01, 2003 10:44 PM
Subject: Re: Guardian for ARIN



On Fri, 2 May 2003, Sean Donelan wrote:

ARIN was formed, and the duties associated with IP numbers (AS and IP
addresses) were transfered to the new ARIN.  However, Guardian or some
alternative didn't seem to get transferred.  So we're back to anyone
who can spoof the point of contacts e-mail address can make changes
to the ARIN records.

Is it time for ARIN to re-add security to their database update
procedures?


That won't fix the immediate problem of hijacking legacy prefixes with
expired domains for contacts.

The most simplest, quickest, and easiest fix for this would be for ARIN to
strip or mark as unusuable the email address of any contact in their
database with an expired domain.

Even in the case where the expired domain is a mistake, marking the
contact invalid doesn't have adverse affect because it doesn't change the
status of the allocation, and ARIN can provide a way to resubstantiate the
email address by providing proof (i.e. documentation that is the same as
the original documentation provided for the initial allocation).

Also it would make it really obvious that there was a problem if a
customer requests to announce a prefix with a marked invalid contact.

Mike.

+----------------- H U R R I C A N E - E L E C T R I C -----------------+
| Mike Leber           Direct Internet Connections   Voice 510 580 4100 |
| Hurricane Electric     Web Hosting  Colocation       Fax 510 580 4151 |
| mleber () he net                                       http://www.he.net |
+-----------------------------------------------------------------------+

Current thread:

Guardian for ARIN Sean Donelan (May 01)
- RE: Guardian for ARIN Christopher J. Wolff (May 01)
- Re: Guardian for ARIN Mike Leber (May 01)
  - Re: Guardian for ARIN Scott Granados (May 01)
  - Re: Guardian for ARIN william (May 01)
  - Re: Guardian for ARIN Ron da Silva (May 02)
- Re: Guardian for ARIN Lee Howard (May 02)